GCVE - cpe:2.3:o:gl-inet:x750_firmware:4.3.18:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:gl-inet:x750_firmware:4.3.18:*:*:*:*:*:*:*

part: o version: 4.3.18 update: *

Vendor	Gl Inet (`0ba6498a-0971-5dec-92da-bb83b4dab2f2`)
Product	X750 Firmware (`ca6b060d-ab33-54ae-8081-6e6b9b42841c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-45263`	vulnerable	2026-06-03 14:56:49.254210	Details available An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The upload interface allows the uploading of arbitrary files to the device. Once the device executes the files, it can lead to information leakage, enabling complete control. Published: 2024-10-24T00:00:00.000Z Updated: 2024-10-28T18:52:30.245Z Open on db.gcve.eu Reference links https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Arbitrary%20File%20Upload%20to%20ovpn_upload%20via%20Upload%20Interface.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45262`	vulnerable	2026-06-03 14:56:49.233812	Details available An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The params parameter in the call method of the /rpc endpoint is vulnerable to arbitrary directory traversal, which enables attackers to execute scripts under any path. Published: 2024-10-24T00:00:00.000Z Updated: 2024-10-28T19:22:25.505Z Open on db.gcve.eu Reference links https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Improper%20Pathname%20Restriction%20Leading%20to%20Path%20Traversal%20in%20Restricted%20Directories.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45261`	vulnerable	2026-06-03 14:56:49.231516	Details available An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. The SID generated for a specific user is not tied to that user itself, which allows other users to potentially use it for authentication. Once an attacker bypasses the application's authentication procedures, they can generate a valid SID, escalate privileges, and gain full control. Published: 2024-10-24T00:00:00.000Z Updated: 2024-10-28T19:19:59.290Z Open on db.gcve.eu Reference links https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypassing%20Login%20Mechanism%20with%20Passwordless%20User%20Login.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45260`	vulnerable	2026-06-03 14:56:49.228979	Details available An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it. Published: 2024-10-24T00:00:00.000Z Updated: 2024-10-28T19:27:01.398Z Open on db.gcve.eu Reference links https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Unauthorized%20Access%20to%20File%20Download%20and%20Upload%20Interfaces.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-45259`	vulnerable	2026-06-03 14:56:49.214439	Details available An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. By intercepting an HTTP request and changing the filename property in the download interface, any file on the device can be deleted. Published: 2024-10-24T00:00:00.000Z Updated: 2024-10-28T19:38:53.728Z Open on db.gcve.eu Reference links https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Delete%20Any%20File%20via%20Download%20Interface.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.